Iowa state court officials contracted with Coalfire to conduct "penetration tests" on their security; as part of those tests, two Coalfire employees broke into the Adel, Iowa courthouse and were caught by law enforcement, whose bosses in Dallas County were not notified of the test.
The state has apologized to the county, but the two Coalfire employees were still in jail as of this writing.
As Sean Gallagher points out at Ars Technica, penetration testers often have broadly defined scopes of work for their engagements, and this highlights the risk of a brief that essentially goes, "Just do what it takes to figure out if criminals could compromise our security."
State court administration (SCA) is aware of the arrests made at the Dallas County Courthouse early in the morning on September 11, 2019. The two men arrested work for a company hired by SCA to test the security of the court’s electronic records. The company was asked to attempt unauthorized access to court records through various means to learn of any potential vulnerabilities. SCA did not intend, or anticipate, those efforts to include the forced entry into a building. SCA apologizes to the Dallas County Board of Supervisors and law enforcement and will fully cooperate with the Dallas County Sheriff’s Office and Dallas County Attorney as they pursue this investigation. Protecting the personal information contained in court documents is of paramount importance to SCA and the penetration test is one of many measures used to ensure electronic court documents are secure.
Check the scope: Pen-testers nabbed, jailed in Iowa courthouse break-in attempt [Sean Gallagher/Ars Technica]